| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <4BD4ACAE.31493.75D9021D@nick.virus-l.demon.co.uk> Date: Mon, 26 Apr 2010 08:57:18 +1200 From: Nick FitzGerald <nick@...us-l.demon.co.uk> To: full-disclosure@...ts.grok.org.uk Subject: Re: Compliance Is Wasted Money, Study Finds Shaqe Wan wrote: <<snip>> > Because it shall be nonsense to deal with CC, and not have an Anti-virus for example !! Well, you see, _that_ is abject nonsense on its face. Do you have any understanding of one of the most basic of security issues -- default allow vs. default deny? There are many more secure ways to run systems _without_ antivirus software. Anyone authoritatively stating that antivirus software is a necessary component of a "reasonably secure" system is a fool. Anyone authoritatively stating that antivirus software is a necessary component of a "sufficiently secure" system is one (or more) of; a fool, a person with an unusually low standard of system security, or a shill for an antivirus producer. So _if_, as you and another recent poster strongly imply, the PCI standards include a specific _requirement_ for antivirus software, then the standards themselves are total nonsense... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists